DefCOM is a three-year
NSF-funded collaborative research grant with the Professor Jelena
Mirkovic and the University of Delaware. Under this grant, the LASR
lab shall demonstrate that an effective defense against flooding
distributed denial-of-servicer (DDoS) attacks, and collatoral damage
can be achieved practically through a sparse deploymet of an overlay
network of defense nodes.

Many critical funstions today are realized through the use of network
services, and DDoS attacks represent a major threat to network
operations. They overwhelm a key resource at the victim network,
generating a flood of seemingly legitimate packets, deny services to
legitimate clients and frequently create heavy Internet
congestion. Attackers need not possess any particular skill to
perpetrate DDoS attacks, and face virtually no risk of
attribution. In spite of numerous research and commercial efforts,
there are still no effective DDoS defenses.

DefCOM, our distributed DDoS
defense system, will distribute nodes throughout the Internet
(organized into peer-to-peer overlays) and will act jointly to detect
and respond to DDoS attacks. Attack resonse is twofold: on
one hand, defense nodes constrain susicious traffic, relieving the
victim from high-volume incoming streams that consume resources; on the
other hand, nodes cooperate to detect legitimate traffic within the
suspicious streams and ensure its correct delivery. Thus, DefCOM achieves the primary goal of
DDoS defense -- that of cancelling the denial-of-service effect.
Additionally, the system has a solid economic model where networks
deploying defense nodes directly benefit from their operation. DefCOM further offers a framework
for existing security systems to join the overlay and cooperate in the
defense. These features create an excellent motivation for wide
deployment and the possibility of a large impact on the DDoS threat.